xPaaS - Other Cloud Services

Complete System Design, Inc. applauds good design...

Several cloud services deserve special attention. Those vendors have tweaked the "pizza" model to make their product stand out.

We applaud good design.  These services can make a big difference for small organizations and we highlight them here.

Integration Platform as a Service - IPaaS

Extracting data from one system, then providing it to another, is a continuous activity.  The majority of effort expended by software development teams in most IT organizations is spent constructing this data "plumbing".  Software vendors have responded with a host of applications generically called Integration Platform as a Service or IPaaS.

The field is full of vendors, many of whom have priced their products well beyond what is sensible for small business.  While there are a number of open-source exceptions, our first choice is Azure Logic Apps.  There is no licence fee for this product.  Clients pay for the amount of processing.  At the current price, 20,000 "actions" performed in the Azure East US data center costs $16.00. 

Logic Apps takes advantage of the Azure environment and comes with a catalogue of common templates.

CSDI developers can quickly build integrations that plug into our operations and monitoring framework.

Identity as a Service - IDaaS

Keeping track of all our passwords is a headache.   Every service we use is on a separate platform and requires a password.  We know that we should use different passwords for each service and change them frequently - but, it is hard to do.

The introduction of cloud services into an organization can exacerbate the problem.  Organizations can utilize many services from different vendors.  While it appears to customers or employees that they are working on one system, there may be many systems.  Integration becomes hopelessly cumbersome unless there is a "single-sign on" (SSO) or identity access management (IAM) system to validate users' security credentials once and control access to all applications in the environment.

Many identity management systems are targeted at large enterprises and are not priced for small business.

There is not a simple answer to the IAM problem.  Software providers have not settled on a standard and information security challenges continue to appear.  No one IAM system dominates this space.  

CSDI's starting place to address this challenge for our small business clients is Azure Active Directory and the suite of products under that banner.  Azure Active Directory  is integrated into the Microsoft ecosystem and provides much of the capability of third party identity access management systems.

Every organization has unique requirements.  CSDI consultants can design a solution that is practical for your business.

Security as a Service - SecaaS

Information security is an important issue for every company.  Even large companies with sufficient resources to address this challenge have stumbled.  Small companies do not have the resources to hire information security experts.  That fact presents an opportunity to cloud service providers.

Information security has long been touted as a shortcoming of cloud computing.  The thought was that if the data is not physically present it is not controlled by the owner.  In the early days of cloud computing that statement may have had some merit.  In our view it is no longer true and probably was never true for small businesses.

There are two reasons for this.  First, small business cannot afford the infrastructure needed to truly secure their on-premises networks and servers. Even if they could, they generally do not have the expertise to configure and manage the environments.  Secondly, most data centers or server rooms are run by small and medium sized companies that do not have very good defenses.  Once past the perimeter firewall, most on-premises devices and services are vulnerable.

Cloud computing has matured.  The environment is shared, so individual services like database servers, application services, Virtual Machines, etc. are all implemented behind virtual firewalls.  Access by other components has to be explicitly allowed.  Also, cloud providers invest in top tier security equipment because their infrastructure is much more valuable than that of any individual customer.

These factors allow cloud service providers to deliver information security capability to small and medium companies that they could not otherwise afford.  Security services provided by Complete System Design, Inc. including:

Secure E-mail

E-mail security has received a great deal of attention in the news, and rightly so.  Information security was not included in the design of the protocol that allows e-mail to travel the internet.  Email that is secure in transit, as well as at rest, at both the sender's and recipient's locations requires planning and infrastructure.  With cloud infrastructure, the problem can be solved once and shared with everyone using that cloud platform.  Complete System Design, Inc. offers secure email through Microsoft Office 365 Enterprise subscriptions.

Web Application Firewalls

Web application firewalls control the flow of data packets between your web applications and the internet.  Web Application Firewalls (WAFs) evaluate the content of data inside the packets.  WAFs provide two types of risk mitigation.  Inbound packets can be evaluated for a number of security exploits.   This has tremendous value because it can be done without touching the software being protected.  Legacy or suspect applications can be protected to a large degree, without modifying the software instructions.  Outbound packets can be scanned for Personal Identifiable Information (PII) and other high-risk information such as credit card data.  In fact, any information that matches a definable pattern can be monitored in outbound filters.  If other security measures fail, outbound traffic monitoring can identify the source of the failure, make it possible stop the breach and determine the extent of the data loss.  Reports may even help law enforcement locate and prosecute cyber criminals.

Several web application firewalls are available on the Azure platform.  The cost and features in Microsoft's Azure Web Application Firewall make it our first choice for our small and medium sized clients.

Disaster Recovery as a Service (DRaaS)

The robustness of cloud infrastructure mitigates, but does not eliminate, the need for disaster recovery planning.  Complete System Design, Inc. recommends that critical data software be backed up to an independent separate infrastructure.

Backup and disaster recovery is not a one-size-fits-all proposition. Indeed, cost effective use of IaaS offerings complicates the picture quite a bit.  In the the past, a server backup could provide adequate data redundancy, discreet software files, database and deployment packages now need to backed up and annual recovery exercises should be performed to ensure that systems can be recovered.  Inexpensive cloud storage combined with compression technology and differential backups makes cloud backup of on-premise systems financial attractive.  However, recovery from the cloud may require than time that is acceptable. 

Disaster recovery plans should be designed, documented and periodically exercised in all deployments.  CSDI maintains a suite of software services and providers to support our customers' disaster recovery requirements.